
Result of a security test online

Open Hjertesvikt opened this issue 4 years ago • 2 comments

Hi all,

I tested https://www.htmly.com with several online security tools like sitecheck.sucuri.net/. Here is what they found:

  • Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.

  • Missing security header to prevent Content Type sniffing.

  • Missing Strict-Transport-Security security header.

  • Missing Content-Security-Policy directive.

  • Response headers do not include the HTTP X-Frame-Options security header

  • Response headers do not include the HTTP X-XSS-Protection security header

  • Response headers do not include the X-Content-Type-Options HTTP security header

  • Response headers do not include the Referrer-Policy HTTP security header

I wonder in which file there is a need for making changes?

Thanks for maintaining HTMLy, it's a beautiful software.

Jean-Pierre

Hjertesvikt avatar May 25 '21 20:05 Hjertesvikt

Hi, you are welcome.

It can be specified via theme or server headers (mod_headers) etc.

danpros avatar Jun 01 '21 02:06 danpros

Most, if not all, would normally be done in the web server config files or in the site definition. Just for quick reference: phpBB and MediaWiki would show the same messages.

ProjectPatatoe avatar Jun 12 '21 08:06 ProjectPatatoe
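
An added example, not part of the thread or of HTMLy: a small offline check that reads a block of response headers and reports which of the findings listed in the issue still apply, for use after changing the theme or server configuration. The function names, finding labels and sample headers are constructed for illustration, and the two clickjacking items from the scan are merged into one check because either X-Frame-Options or CSP `frame-ancestors` satisfies it.

```python
import re

def parse_headers(raw):
    """Parse 'Name: value' lines; names lower-cased, repeats joined with ', '."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # status line or blank line
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def csp_directives(csp):
    """Directive names across all comma-separated policies in a CSP value."""
    return {d.split()[0].lower()
            for policy in csp.split(",")
            for d in policy.split(";") if d.strip()}

def audit(raw):
    """Return findings, named after the items the scanners reported in the issue."""
    h = parse_headers(raw)
    csp = h.get("content-security-policy", "")
    findings = []
    # Either X-Frame-Options or CSP frame-ancestors covers clickjacking.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp_directives(csp):
        findings.append("clickjacking protection")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options")
    # HSTS with max-age=0 tells the browser to forget the policy, so treat it as missing.
    hsts = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""), re.I)
    if not hsts or int(hsts.group(1)) == 0:
        findings.append("Strict-Transport-Security")
    if not csp:
        findings.append("Content-Security-Policy")
    # Presence only: the thread does not say which values the scanners expect.
    findings += [n for n in ("X-XSS-Protection", "Referrer-Policy") if n.lower() not in h]
    return findings

# Constructed sample (not a capture from htmly.com): headers after a partial fix.
SAMPLE = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("missing or ineffective:", finding)
```
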